A Covert System Identification Attack on Constant Setpoint Control Systems

Industrial Control Systems (ICS) are the brain and backbone of a nation's critical infrastructure, such as nuclear power, water treatment, and petrochemical plants. To increase interoperability, real-time availability of data, and flexibility, information and communication technologies have been adopted in this domain. While these information technologies have been effective, they have been integrated into operational technologies without the necessary security defenses. Designing an effective, layered security defense is not possible unless security threats are identified through a structural analysis of the ICS. For that reason, this paper provides an attacker's point of view on the reconnaissance effort needed to gather details of the system dynamics, which are required for the development of sophisticated attacks. We present a reconnaissance approach that uses the system's I/O data to infer the dynamic model of the system. In this effort, we propose a novel cyber-attack that targets the controller's proportional-integral-derivative (PID) gain values in a constant setpoint control system. Our findings will help researchers design more secure control systems.
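The abstract describes an attack that alters a controller's PID gains in a constant-setpoint loop, observed only through the loop's I/O data. The following added example (not code from the paper) simulates such a loop on a constructed first-order plant and shows the defender-side check that the same I/O record enables: replaying the nominal PID law on the observed process variable and comparing its output with the controller output actually seen. Plant coefficients, sample period, gains and the residual tolerance are all assumed values chosen for illustration.

```python
"""Constant-setpoint PID loop on a first-order plant, plus a consistency
check that flags tampered controller gains from the loop's (y, u) record.
Plant, gains and tolerance are constructed for illustration."""

from dataclasses import dataclass

DT = 0.1          # sample period in seconds (assumed)
A, B = 0.9, 0.1   # assumed plant: y[k+1] = A*y[k] + B*u[k]


@dataclass
class PID:
    """Discrete PID with backward-difference derivative and rectangular integral."""
    kp: float
    ki: float
    kd: float
    integral: float = 0.0
    prev_err: float = 0.0

    def step(self, setpoint: float, y: float) -> float:
        err = setpoint - y
        self.integral += err * DT
        deriv = (err - self.prev_err) / DT
        self.prev_err = err
        return self.kp * err + self.ki * self.integral + self.kd * deriv


def simulate(gains, setpoint=1.0, steps=100):
    """Run the closed loop; return the (y, u) record an observer could collect."""
    ctrl = PID(*gains)
    y, record = 0.0, []
    for _ in range(steps):
        u = ctrl.step(setpoint, y)
        record.append((y, u))
        y = A * y + B * u          # plant update
    return record


def gain_tamper_residuals(record, nominal_gains, setpoint=1.0):
    """Replay the nominal PID on observed y; residual = |u_observed - u_expected|.
    With untampered gains the replay reproduces u exactly, so residuals are zero."""
    ref = PID(*nominal_gains)
    return [abs(u - ref.step(setpoint, y)) for y, u in record]


def detect_tampering(record, nominal_gains, setpoint=1.0, tol=1e-6):
    """True when any sample deviates from the nominal control law beyond tol."""
    return max(gain_tamper_residuals(record, nominal_gains, setpoint)) > tol
```

The replay only needs the setpoint, the nominal gains and the logged process variable, so it can run on a monitoring host that never touches the controller itself.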
